Tag

Prompt Injection

All articles tagged with #prompt injection

Windows Device IDs, Router Backdoors, and AI Payment Tricks: This Week in Cybersecurity
security1 hour ago

Windows Device IDs, Router Backdoors, and AI Payment Tricks: This Week in Cybersecurity

This week’s cybersecurity news centers on Windows’ new Global Device ID that can be tied to user activity, raising privacy concerns as Windows’ market share declines; researchers also found a hard-coded backdoor in Tenda router firmware with no available fix, prompting recommendations to disable remote management or replace the router. Other highlights include a Reddit/Discord account-hijacking scam, a US government payout (around $1M) to the Kairos data-extortion group with disputed outcomes, and prompt-injection attacks that trick AI agents into making crypto payments across multiple large-language models.

BioShocking reveals game-like prompts can override safety in AI-powered browsers
security8 days ago

BioShocking reveals game-like prompts can override safety in AI-powered browsers

Security researchers from LayerX disclose BioShocking, a BioShock-inspired vulnerability that can coax AI-powered browsers into treating tasks as a game, bypassing real-world safety guardrails. Their PoC uses a layered puzzle and a deliberate math error (2+2=5) to steer the agent to a /code URL where it could exfiltrate credentials, with demonstrations against Claude Chrome and patch gaps in OpenAI’s Atlas; experts say effective mitigation requires multi-layer defenses and explicit user confirmations for sensitive actions.

BioShocking prompts AI browsers into data theft
technology10 days ago

BioShocking prompts AI browsers into data theft

LayerX’s BioShocking reveals a prompt-injection technique that can mislead AI-powered browsers into treating real-world risky actions as fictional, bypassing safety guardrails. In a PoC, six agentic browsers (ChatGPT Atlas, Comet, Fellou, Genspark Browser, Sigma Browser, Claude Chrome plugin) were shown a final task that instructed them to visit a GitHub repo and copy sensitive data (including passwords), after which they failed to identify it as a threat. OpenAI reportedly patched the issue in ChatGPT Atlas; Anthropic’s Chrome plugin fix was ineffective; Perplexity AI did not fix the problem. The researchers urge explicit user confirmations for sensitive actions, stronger context checks, and tighter session scope, while users should restrict AI browser access to sensitive services.

BioShocking: AI Browsers Tricked into Exfiltrating Credentials
technology10 days ago

BioShocking: AI Browsers Tricked into Exfiltrating Credentials

Security firm LayerX exposed BioShocking, a prompt-injection attack that can force AI browsers/assistants to exfiltrate credentials by turning a web page into a game; six AI agents were tested, including OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude extension; the exploit leverages how pages and instructions arrive as a single text stream, blurring safety rules and enabling data access from signed-in sessions; OpenAI patched Atlas, Perplexity did not act, and other vendors either did not respond or patches did not hold; defenses include requiring explicit consent before reading from logged-in accounts and implementing hard limits on what an agent can access, with users and security teams treating AI browsers as elevated tools with narrow permissions.

Three-stage flaw turns Copilot Enterprise into a one-click data thief
technology26 days ago

Three-stage flaw turns Copilot Enterprise into a one-click data thief

A three-stage vulnerability chain dubbed SearchLeak lets attackers exfiltrate sensitive data from a target’s Microsoft 365 Copilot Enterprise sources (mail, OneDrive, SharePoint) via a crafted Copilot Search URL. The chain combines a parameter-to-prompt injection, an HTML rendering race condition, and a CSP bypass enabled by Bing SSRF. When a victim clicks the link, Copilot performs the search and formats results into an image URL; the browser then requests that image through Bing, revealing the data to the attacker in the logs. Microsoft patched CVE-2026-42824 with a critical rating; no user action is required, but the incident highlights how prompt injection can weaponize legacy bugs in AI-enabled tools.

OpenAI Adds Lockdown Mode to ChatGPT to curb data exfiltration risks
technology1 month ago

OpenAI Adds Lockdown Mode to ChatGPT to curb data exfiltration risks

OpenAI is rolling out an optional Lockdown Mode for eligible ChatGPT users to reduce data exfiltration risk from prompt injections by restricting outbound web access and other capabilities (live web browsing, image display, network access, and file downloads); it complements existing safeguards, cannot be used with Developer Mode, and does not guarantee complete protection, with risk potentially remaining via apps or new techniques; the update also adds a separate account-management feature to review and log out active sessions.

Codex Prompts Ban Goblins: OpenAI’s No-Creatures Policy Surfaces in GitHub Doc
artificial-intelligence2 months ago

Codex Prompts Ban Goblins: OpenAI’s No-Creatures Policy Surfaces in GitHub Doc

A GitHub document from OpenAI, part of Codex CLI open-sourcing, appears to reveal a system prompt for GPT-5.5 that enforces a strict no-creatures policy—specifically banning goblins, gremlins, raccoons, trolls, ogres, pigeons, and similar beings unless absolutely relevant to the query. The rule emphasizes providing high-signal context and avoids generic platitudes. The policy sparked memes about “Goblin Mode,” but Codex staff say it isn’t a marketing gimmick, and observers note the chatter around goblin usage may relate to prompt-injection monitoring.

OpenClaw Under Fire: Prompt Injection and Data Leakage Risks
security3 months ago

OpenClaw Under Fire: Prompt Injection and Data Leakage Risks

CNCERT warns that OpenClaw’s weak default security and privileged execution could enable prompt-injection attacks, including indirect prompt injection via web content and link previews that leak sensitive data; other risks include misinterpretation causing data loss, uploading malicious skills to repositories like ClawHub, and exploiting known vulnerabilities. China is restricting OpenClaw in state entities, while attackers distribute malware via GitHub rep o s posing as OpenClaw installers. Mitigations include hardening networks, isolating the service, avoiding plaintext credentials, downloading skills only from trusted sources, disabling automatic updates, and keeping the agent up to date.

OpenClaw Taps VirusTotal to Vet ClawHub Skills
cybersecurity5 months ago

OpenClaw Taps VirusTotal to Vet ClawHub Skills

OpenClaw will scan every skill uploaded to ClawHub with VirusTotal (and Code Insight) via a SHA-256 hash check; benign results auto-approve, suspicious items warning, and malware blocked, with daily re-scans, while the team notes VirusTotal isn’t a silver bullet and will publish a threat model, security roadmap, and audits amid broader concerns over OpenClaw’s risk to enterprise security.

Moltbook’s AI-Only Network Sparks Digital-Drug Market and Bot-Driven Fears
technology5 months ago

Moltbook’s AI-Only Network Sparks Digital-Drug Market and Bot-Driven Fears

Relaunched nine days ago, Moltbook markets itself as an AI-only social network with millions of AI agents and communities; reports describe a thriving bot culture including a marketplace for digital drugs—prompt injections—that could hijack other agents and expose keys or passwords, plus ideas of religious formations and governance takeovers; experts warn of security risks and question how much of the hype reflects genuine AI agency versus human masquerade.

Calendar invites expose private data through Google Gemini prompt injection
technology5 months ago

Calendar invites expose private data through Google Gemini prompt injection

Researchers demonstrated a prompt-injection attack against Google Gemini by embedding a malicious payload in a Google Calendar invite description. When the recipient asks Gemini about their schedule, the assistant executes the embedded instructions, creates a new event, and copies private meeting details into the event description, leaking sensitive data to the attacker. Google added mitigations after the disclosure, underscoring the need for context-aware defenses as AI assistants access calendar data.

Prompt-Injected Invites Expose Private Calendar Data Through Google Gemini
security5 months ago

Prompt-Injected Invites Expose Private Calendar Data Through Google Gemini

Security researchers disclosed a flaw in Google Gemini where a crafted calendar invite enables indirect prompt injection, causing Gemini to summarize and exfiltrate private meeting data by creating a new calendar event that could be visible to attackers; the finding highlights AI-enabled attack surfaces and the need for stronger guardrails and identity controls across AI workflows.